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CLAIM AMENDMENTS 



1 1 . (currently amended) A method for controlling input/output (I/O) operations of 

2 a user's computer comprising the following steps: 

3 implementing the user's computer as a virtual machine (VM); 

4 including an interface software component between the VM and a physical 

5 computer system that includes at least one device; 

6 in the interface software component: 

7 sensing a request for an I/O operation between the VM and the device; 

8 performing a transformation of I/O data passing between the VM and the device, 

9 said transformation changing contents of the I/O data and being adjunct to necessary 

10 completion of the request, as issued, for the I/O operation; 

1 1 the transformation of the I/O data thereby being undefeatable by any user action 

12 via the VM. 

1 2. (previously presented) A method as in claim 1, in which: 

2 the device is a display; 

3 the I/O data is VM display data output from the VM and intended for display; and 

4 the transformation is a replacement of at least a portion of the VM display data 

5 with non-defeatable display data stored external to the VM; 

6 further including the step of displaying the VM display data with the non- 

7 defeatable display data overlaid. 

1 3. (previously presented) A method as in claim 1, further including the following 

2 steps: 

3 filtering the I/O data with respect to at least one predetermined filtering condition; 

4 and 

5 performing the transformation of the I/O data only when the filtering condition is 

6 met 
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1 4. (previously presented) A method as in claim 3, in which the filtering condition 

2 is that the I/O data includes at least one restricted term. 

1 5. (previously presented) A method as in claim 3, in which the filtering condition 

2 is that the I/O data is from a restricted source. 

1 6. (previously presented) A method as in claim 3, in which: 

2 the I/O data includes image data; 

3 the step of filtering the I/O data comprises detecting the presence of a 

4 representation of a target image within the image data; and 

5 the transformation is substitution of a representation of a replacement image in 

6 place of the representation of the target image. 

1 7. (original) A method as in claim 6, in which: 

2 the I/O data is in a non-character image format; 

3 the target image is a representation of a restricted character string; and 

4 the step of filtering the I/O data comprises applying character recognition to the 

5 I/O data. 

1 8. (previously presented) A method as in claim 3, in which the filtering condition 

2 is the presence in the I/O data of a copy protection indication. 

1 9. (previously presented) A method as in claim 1, in which the transformation 

2 comprises insertion into the I/O data of a source indication associated with the VM. 

1 10. (original) A method as in claim 1, in which the transformation is time- 

2 varying. 

1 11. (original) A method as in claim 1, in which the device is a network 

2 connection device. 
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1 12. (previously presented) A method as in claim 11 , in which the transformation 

2 is a bandwidth limiting of the I/O data being transferred between the VM and the 

3 network connection device. 

1 13. (previously presented) A method as in claim 11 , in which: 

2 the requested I/O operation is a transfer of the I/O data between the VM and the 

3 network connection device; and 

4 the transformation is a time delay of the transfer. 

1 14. (previously presented) A method as in claim 1 1 , in which: 

2 the requested I/O operation is a transfer of the I/O data from the VM to a first 

3 destination address via the network connection device; 

A the transformation is a redirection of the I/O data to a second destination address 

5 different from the first. 

1 15. (previously presented) A method as in claim 1, in which: 

2 the device is a display; 

3 the display renders data stored in a display map; and 

4 the step of performing the transformation comprises altering a selected portion of the 

5 display map. 

1 16. (previously presented) A method as in claim 15, in which the step of 

2 altering the selected portion of the display data comprises substituting non-defeatable 

3 display data for the selected portion. 

1 17. (previously presented) A method as in claim 15, in which the step of 

2 altering the selected portion of the display data comprises changing all occurrences in 

3 the display map of a display color to a replacement color. 
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1 18. (previously presented) A method as in claim 1, in which: 

2 the device is a data storage device; 

3 the requested I/O operation is a transfer of data between the VM and the storage 

4 device; and 

5 the step of performing the transformation comprises changing at least a portion 

6 of the data during the transfer between the VM and the storage device. 

1 19. (previously presented) A method as in claim 18, in which the step of 

2 performing the transformation of the I/O data comprises encrypting data written by the 

3 VM to the data storage device and decrypting data read from the data storage device by 

4 the VM. 

1 20. (previously presented) A method as in claim 18, in which the step of 

2 performing the transformation of the I/O data comprises compressing data written by the 

3 VM to the data storage device and decompressing data read from the data storage 

4 device by the VM. 

1 21. (previously presented) A method as in claim 1, in which: 

2 the device is a network connection device; 

3 the requested I/O operation is a transfer of data between the VM and the network 

4 connection device; and 

5 the step of performing the transformation comprises changing at least a portion 

6 of the data during the transfer between the VM and the network connection device. 

1 22. (previously presented) A method as in claim 21 , in which the step of 

2 performing the transformation of the I/O data comprises encrypting data written by the 

3 VM to the network connection device and decrypting data read from the network 

4 connection device by the VM. 
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1 23. (previously presented) A method as in claim 21 , in which the step of 

2 performing the transformation of the I/O data comprises compressing data written by the 

3 VM to the network connection device and decompressing data read from the network 

4 connection device by the VM. 

1 24. (previously presented) A method as in claim 1, in which the step of 

2 performing the transformation of the I/O data comprises cryptographic transformation of 

3 the I/O data. 

1 25. (previously presented) A method as in claim 3, in which: 

2 the VM supports a plurality of I/O modes; 

3 the step of filtering is performed on I/O data corresponding to a first one of the 

4 plurality of I/O modes; and 

5 the predetermined transformation is applied to I/O data in a second one of the I/O 

6 modes when the I/O data in the first I/O mode satisfies a transformation-triggering 

7 criterion. 

1 26. (original) A method as in claim 25, in which the I/O modes include a video 

2 mode and an audio mode. 
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1 27. (currently amended) A method for controlling input/output (I/O) of a user's 

2 computer comprising the following steps; 

3 implementing the user's computer as a virtual machine (VM); 

4 including an interface software component between the VM and a physical 

5 computer system that includes at least one device, that carries out an I/O operation on 

6 the basis of device control data; 

7 storing the device control data associated with the VM in a buffer; 

8 upon sensing a transformation command from an administrative system external 

9 to the VM, changing contents of the device control data bv entering replacement data 

10 into at least a portion of the buffer, said replacement data being entered as a processing 

1 1 step that is adjunct to the necessary completion of the I/O operation; 

12 the entry of the replacement data thereby being undefeatable by any action 

1 3 initiated via the VM. 

1 28. (currently amended) A system having a processor for controlling 

2 input/output (I/O) operations of a user's computer, comprising: 

3 a virtual machine (VM) constituting the user's computer; 

4 an interface software component between the VM and a physical computer 

5 system that includes at least one device; 

6 the interface software component including computer-executable code: 

7 for sensing a request for an I/O operation between the VM and the device; 

8 and 

9 for performing a transformation of I/O data passing between the VM and 

10 the device, said transformation changing contents of the I/O data and being adjunct to 

11 necessary completion of the request, as issued, for the I/O operation; 

12 the transformation of the I/O data thereby being undefeatable by any action via 

13 theVM. 
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1 29. (original) A system as in claim 28, in which the device is a display and the 

2 I/O data is VM display data. 

1 30. (previously presented) A system as in claim 29, further comprising: 

2 a display buffer for storing the VM display data that is output from the VM and is 

3 intended for display; and 

4 a transformation software module comprising computer-executable code within 

5 the interface software component for replacing at least a portion of the VM display data 

6 stored in the display buffer with non-defeatable display data; 

7 in which the display is provided for displaying the contents of the display buffer. 

1 31 . (original) A system as in claim 28, in which the device is a data storage 

2 device. 

1 32. (original) A system as in claim 28, in which the device is a network 

2 connection device. 
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REMARKS 



I first want to thank Examiner To for calling me yesterday - twice - to discuss this 
application. As agreed, claims 1 and 28 now have been amended to state "... said 
transformation changing contents of the I/O data and being adjunct to necessary 
completion of the request The remaining independent claim 27 does not refer to 
M l/0 data" but rather to "device control data" and the syntax of claim 27 Is slightly 
different from that of claims 1 and 28, such that it sounds awkward to add the agreed- 
upon phrase right before the word "adjunct." Claim 27 has therefore been amended to 
include the new phrase, but adjusted to fit the language of claim 27. Accordingly, the 
amended element of claim 27 now reads: 

"upon sensing a transformation command from an administrative 
system external to the VM, changing contents of the device control data by 
entering replacement data into at least a portion of the buffer, said 
replacement data being entered as a processing step that is adjunct to the 
necessary completion of the I/O operation" 

The Examiner required the phrase "having a processor" to be inserted after 
"system" in the first line of claim 28 so that the claim will accord with the USPTO 
Guidelines relating to 35 U.S.C. §101 for such system claims. This has been done. As 
the specification, drawings, and general knowledge in the art of computer science make 
clear, it should be understood that the processor (Fig. 1 f CPU 1 1 0) may be the same as 
the CPU of the user's computer. 

All of the claims should now be allowable. 

Date: 22 March 2007 Respectfully submitted, 
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